bicep/matrix: enable smtp auth
All checks were successful
Eval nix flake / evals (push) Successful in 2m43s
All checks were successful
Eval nix flake / evals (push) Successful in 2m43s
yolo lmao
This commit is contained in:
parent
a6196e67fe
commit
32885891fe
17
hosts/bicep/services/matrix/smtp-authenticator/default.nix
Normal file
17
hosts/bicep/services/matrix/smtp-authenticator/default.nix
Normal file
@ -0,0 +1,17 @@
|
||||
{ lib, buildPythonPackage, fetchFromGitHub }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "matrix-synapse-smtp-auth";
|
||||
version = "0.1.0";
|
||||
|
||||
src = ./.;
|
||||
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "An SMTP auth provider for Synapse";
|
||||
homepage = "pvv.ntnu.no";
|
||||
license = licenses.agpl3Only;
|
||||
maintainers = with maintainers; [ dandellion ];
|
||||
};
|
||||
}
|
11
hosts/bicep/services/matrix/smtp-authenticator/setup.py
Normal file
11
hosts/bicep/services/matrix/smtp-authenticator/setup.py
Normal file
@ -0,0 +1,11 @@
|
||||
from setuptools import setup
|
||||
|
||||
setup(
|
||||
name="matrix-synapse-smtp-auth",
|
||||
version="0.1.0",
|
||||
py_modules=['smtp_auth_provider'],
|
||||
author="Daniel Løvbrøtte Olsen",
|
||||
author_email="danio@pvv.ntnu.no",
|
||||
description="An SMTP auth provider for Synapse",
|
||||
license="AGPL-3.0-only"
|
||||
)
|
@ -0,0 +1,45 @@
|
||||
from typing import Awaitable, Callable, Optional, Tuple
|
||||
|
||||
from smtplib import SMTP_SSL as SMTP
|
||||
|
||||
import synapse
|
||||
from synapse import module_api
|
||||
|
||||
|
||||
class SMTPAuthProvider:
|
||||
def __init__(self, config: dict, api: module_api):
|
||||
self.api = api
|
||||
|
||||
self.config = config
|
||||
|
||||
api.register_password_auth_provider_callbacks(
|
||||
auth_checkers={
|
||||
("m.login.password", ("password",)): self.check_pass,
|
||||
},
|
||||
)
|
||||
|
||||
async def check_pass(
|
||||
self,
|
||||
username: str,
|
||||
login_type: str,
|
||||
login_dict: "synapse.module_api.JsonDict",
|
||||
):
|
||||
if login_type != "m.login.password":
|
||||
return None
|
||||
|
||||
result = False
|
||||
with SMTP(self.config["smtp_host"]) as smtp:
|
||||
password = login_dict.get("password")
|
||||
try:
|
||||
smtp.login(username, password)
|
||||
result = True
|
||||
except:
|
||||
return None
|
||||
|
||||
if result == True:
|
||||
userid = self.api.get_qualified_user_id(username)
|
||||
if not self.api.check_user_exists(userid):
|
||||
self.api.register_user(username)
|
||||
return (userid, None)
|
||||
else:
|
||||
return None
|
@ -25,6 +25,10 @@ in {
|
||||
services.matrix-synapse-next = {
|
||||
enable = true;
|
||||
|
||||
plugins = [
|
||||
(pkgs.python3Packages.callPackage ./smtp-authenticator { })
|
||||
];
|
||||
|
||||
dataDir = "/data/synapse";
|
||||
|
||||
workers.federationSenders = 2;
|
||||
@ -81,7 +85,15 @@ in {
|
||||
enable_registration = false;
|
||||
registration_shared_secret_path = config.sops.secrets."matrix/synapse/user_registration".path;
|
||||
|
||||
password_config.enabled = lib.mkForce false;
|
||||
password_config.enabled = true;
|
||||
|
||||
modules = [
|
||||
{ module = "smtp_auth_provider.SMTPAuthProvider";
|
||||
config = {
|
||||
smtp_host = "smtp.pvv.ntnu.no";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
trusted_key_servers = [
|
||||
{ server_name = "matrix.org"; }
|
||||
|
Loading…
Reference in New Issue
Block a user